CanvasBlocker

Go to file

kkapsner f1ce5c86f4 Changes for release submission		2019-02-04 13:46:03 +01:00
.documentation	Added note to not double protect APIs	2019-02-02 12:25:46 +01:00
.github	Improved issue template	2017-12-17 12:00:09 +01:00
.tools	Removed unused messages	2018-09-23 12:56:16 +02:00
.vscode	Added task to open git UI	2018-10-13 12:30:49 +02:00
_locales	Grammar	2019-01-20 17:41:54 +01:00
browserAction	Search in browser action did not work every time.	2018-10-09 20:44:13 +02:00
icons	Merge branch 'whitelistedIndicator'	2018-09-16 14:08:00 +02:00
lib	Protection for history.length did not work	2019-02-04 13:40:44 +01:00
options	Reset settings for everybody	2019-01-29 20:03:27 +01:00
pageAction	Separated setting containers	2018-09-16 01:22:40 +02:00
test	Added description of how to use the detection test	2018-10-09 13:11:38 +02:00
.eslintrc.json	Linting	2019-01-24 15:43:20 +01:00
.gitattributes	💥🐫 Added .gitattributes	2014-07-31 03:04:18 +02:00
.gitignore	Updated gitignore	2017-12-19 23:56:07 +01:00
LICENSE.txt	Added MPL	2015-01-16 13:05:40 +01:00
README.md	Added note to not double protect APIs	2019-02-02 12:25:46 +01:00
canvasblocker.xpi	Changes for release submission	2019-02-04 13:46:03 +01:00
manifest.json	Version 0.5.7	2019-01-26 21:19:08 +01:00
releaseNotes.txt	Protection for history.length did not work	2019-02-04 13:40:44 +01:00

README.md

This add-on allows users to prevent websites from using the some Javascript APIs to fingerprint them. Users can choose to block the APIs entirely on some or all websites (which may break some websites) or just block or fake its fingerprinting-friendly readout API.

IMPORTANT: you should only have ONE addon/setting set that protects an API. Otherwise you could face massive performance issues. (E.g. EclipsedMoon for Palemoon has 'canvas.poison' which is known to cause issues: https://github.com/kkapsner/CanvasBlocker/issues/253#issuecomment-459499290) But setting privacy.resistFingerprinting to true is fine.

More information on fingerprinting can be found at:

<canvas>: http://www.browserleaks.com/canvas
audio:
- https://audiofingerprint.openwpm.com/ (very poorly written = slow)
- https://webtransparency.cs.princeton.edu/webcensus/#audio-fp
DOMRect:
- http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html
- https://browserleaks.com/rects

The different block modes are:

fake: Canvas Blocker's default setting, and my favorite! All websites not on the white list or black list can use the protected APIs. But values obtained by the APIs are altered so that a consistent fingerprinting is not possible
ask for permission: If a website is not listed on the white list or black list, the user will be asked if the website should be allowed to use the protected APIs each time they are called.
block everything: Ignore all lists and block the protected APIs on all websites.
allow only white list: Only websites in the white list are allowed to use the protected APIs.
block only black list: Block the protected APIs only for websites on the black list.
allow everything: Ignore all lists and allow the protected APIs on all websites.

Protected "fingerprinting" APIs:

canvas 2d
webGL
audio
history
window (disabled by default)
DOMRect

Special thanks to:

spodermenpls for finding all the typos
Thorin-Oakenpants for the icon idea
anthologist for the Italian translation
Maleficient for the French translation
yfdyh000 for the Chinese translation
micrococo for the Spanish translation
STim99 for the Russian translation

If you want to support this addon you can donate to the following addresses:

bitcoin: 159Y9BLcfHyrp6wj6f3syEuk92xkRVTiie
monero: 482QYZaagALWtPmwbptwBaexDYmcVsJrhJp2VVjTgjYA3Kk1YyMdSg9Wz2qz1Gh31E843PFVCDWS4hR4Bjf6ipWuB9iz2cs